ID:11317 - Exploit for Improper access control in FortiManager - CVE-2021-24006
Published: April 18, 2025
Vulnerability identifier: #VU55559
Vulnerability risk: Medium
CVE-ID: CVE-2021-24006
CWE-ID: CWE-284
Exploitation vector: Remote access
Vulnerable software:
FortiManager
Link to public exploit:
Vulnerability description
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in SD-WAN Orchestrator. A remote user with a restricted user profile can access the SD-WAN Orchestrator panel by visiting its URL directly.
Remediation
Install updates from the vendor's website.